DH parameter reading in OPENSSL 3
Dirk Stöcker
openssl at dstoecker.de
Wed Jul 13 16:47:15 UTC 2022
Hello,
> https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_dh.c#L148-L205
Thanks a lot. Works in principle now with one exception. The previous
approach worked for a file, where first comes the PEM certificate and
afterwards the DH params. The new approach only works when the file has
nothing other than the DH params inside. Is there a chance to get that behaviour
back or do I need to load the file and strip the certificate myself?
>> Now it seems the default can be replaced by
>>
>> SSL_CTX_set_dh_auto(context, 1);
>
> This is preferred over all explicit parameter choices, as it allows the
> server and client to negotiate a common known-strong group.
I thought so and this also will be the default.
Freedom in Peace
--
https://www.dstoecker.eu/ (PGP key available)
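
The "strip the certificate myself" option raised in the message above, as an added example (not code from the poster, Postfix or OpenSSL): it assumes the combined file is already in memory and returns only the DH parameters PEM block, which can then be handed to the parameter decoder, for instance through a memory BIO. The function names `find_pem_block` and `find_dh_params` and the sample file contents are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Find the first PEM block labelled `label` in buf[0..len). Returns a pointer
 * to its BEGIN line and stores the length through the END line in *out_len;
 * returns NULL if the block is absent or has no END line. */
static const char *find_pem_block(const char *buf, size_t len,
                                  const char *label, size_t *out_len)
{
    char begin[80], end[80];
    int b = snprintf(begin, sizeof begin, "-----BEGIN %s-----", label);
    int e = snprintf(end, sizeof end, "-----END %s-----", label);
    if (b < 0 || e < 0 || b >= (int)sizeof begin || e >= (int)sizeof end)
        return NULL;
    size_t bl = (size_t)b, el = (size_t)e;
    for (size_t i = 0; i + bl <= len; i++) {
        /* A BEGIN marker only counts at the start of a line. */
        if ((i != 0 && buf[i - 1] != '\n') || memcmp(buf + i, begin, bl) != 0)
            continue;
        for (size_t j = i + bl; j + el <= len; j++)
            if (buf[j - 1] == '\n' && memcmp(buf + j, end, el) == 0) {
                *out_len = j + el - i;
                return buf + i;
            }
        return NULL; /* BEGIN without END: treat as malformed */
    }
    return NULL;
}

/* DH parameters appear under either of these two PEM labels. */
static const char *find_dh_params(const char *buf, size_t len, size_t *out_len)
{
    const char *p = find_pem_block(buf, len, "DH PARAMETERS", out_len);
    return p ? p : find_pem_block(buf, len, "X9.42 DH PARAMETERS", out_len);
}

/* Constructed sample: certificate first, DH parameters second (dummy bodies). */
static const char sample[] =
    "-----BEGIN CERTIFICATE-----\nQ0VSVA==\n-----END CERTIFICATE-----\n"
    "-----BEGIN DH PARAMETERS-----\nREhQQVJBTVM=\n-----END DH PARAMETERS-----\n";

int main(void)
{
    size_t n = 0;
    const char *p = find_dh_params(sample, sizeof sample - 1, &n);
    if (p == NULL) return 1;
    printf("%.*s\n", (int)n, p);
    return 0;
}
```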